Threat actor targeted DOD contracting website

posted on August 23, 2023
by l33tdawg
Credit: NextGov

Malware leveraging flaws in edge routers has been observed siphoning data from public-facing U.S. military websites, according to a recent blog post from Black Lotus Labs.

The cyber research firm first reported on the exploit, dubbed HiatusRAT, in March. The threat group associated with the effort continued its campaign despite public exposure.

In June, the malware was observed targeting military systems as well as those associated with organizations based in Taiwan. Researchers characterized these efforts as reconnaissance, but the HiatusRAT exploit can also be highly invasive, allowing threat actors to monitor targeted machines and networks and capture router traffic. While the contracting systems targeted in this recent HiatusRAT campaign are public facing, researchers at Black Lotus Labs theorize that the threat actor is looking to not only capture unclassified documents on defense acquisition but to obtain information on Defense Industrial Base companies that interact with the system, "potentially for subsequent targeting."
